Date: Tue, 4 May 2021 01:37:01 +0300
From: Jarkko Sakkinen
To: Dave Hansen
Cc: Tim Gardner, dave.hansen@linux.intel.com, shuah@kernel.org, linux-sgx@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: Subject: [PATCH 0/1] SGX self test fails

On Mon, May 03, 2021 at 09:39:05AM -0700, Dave Hansen wrote:
> On 5/3/21 8:41 AM, Jarkko Sakkinen wrote:
> >> $ ls -l /dev/sgx_enclave
> >> crw------- 1 dave dave 10, 125 Apr 28 11:32 /dev/sgx_enclave
> >> $ ./test_sgx
> >> 0x0000000000000000 0x0000000000002000 0x03
> >> 0x0000000000002000 0x0000000000001000 0x05
> >> 0x0000000000003000 0x0000000000003000 0x03
> >> SUCCESS
> >>
> >> *But*, is that OK? Should we be happily creating a PROT_EXEC mapping on
> >> a ugo-x file? Why were we respecting noexec on the filesystem but not
> >> ugo-x on the file?
> > Yeah, this supports my earlier response:
> >
> > "EPERM The prot argument asks for PROT_EXEC but the mapped area
> > belongs to a file on a filesystem that was mounted no-exec."
> > https://man7.org/linux/man-pages/man2/mmap.2.html
> >
> > I guess the right model is to think just as "anonymous memory"
> > with equivalent access control semantics after successfully
> > opened for read and write.
>
> I guess I'll answer my own question: The "x" bit on file permissions
> really only controls the ability for the file to be execve()'d, but has
> no bearing on the ability for an executable *mapping* to be created.
> This is existing VFS behavior and is not specific to SGX.

Yeah, that's nicely put into one sentence :-)

> I think I'll just send a patch to pull that warning out.

/Jarkko
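
The VFS behaviour summarised in the quoted text can be checked from user space. The following is an added example, not code from this thread or from the SGX selftest; it uses an ordinary regular file rather than /dev/sgx_enclave, and the scratch path and the names `probe_xbit` and `xbit_result` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

struct xbit_result {
    int mmap_errno;   /* 0 if the PROT_EXEC mapping was created */
    int exec_errno;   /* errno from execve() on the same file */
};

/* Create a ugo-x scratch file (constructed input), then try to map it
 * executable and to execve() it. Returns -1 only if setup fails. */
int probe_xbit(struct xbit_result *r)
{
    char path[] = "/tmp/xbit-demo-XXXXXX";   /* hypothetical scratch path */
    char *const argv[] = { path, NULL };
    char *const envp[] = { NULL };
    int fd = mkstemp(path);                  /* opened read-write */
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) || ftruncate(fd, 4096)) {   /* rw-------, one page */
        close(fd);
        unlink(path);
        return -1;
    }
    /* Executable mapping: refused with EPERM on a noexec mount, but the
     * file's own mode bits are not consulted. */
    void *p = mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    r->mmap_errno = (p == MAP_FAILED) ? errno : 0;
    if (p != MAP_FAILED)
        munmap(p, 4096);
    close(fd);
    /* execve() is where the missing x bit is enforced: EACCES. */
    r->exec_errno = (execve(path, argv, envp) == -1) ? errno : 0;
    unlink(path);
    return 0;
}

int main(void)
{
    struct xbit_result r;
    if (probe_xbit(&r))
        return 1;
    printf("mmap(PROT_EXEC) errno=%d, execve errno=%d\n", r.mmap_errno, r.exec_errno);
    return 0;
}
```

On a filesystem mounted without noexec the mapping succeeds while execve() fails with EACCES; on a noexec mount the mapping is refused with EPERM, matching the mmap(2) text quoted in the thread.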